Jamf Pro 10.4 and Quick Add package Bug
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-09-2018 01:39 PM
I was having problems with the new Quick Add package that I created after we updated to Jamf Pro 10.4. It seems that there is a bug in the Scripts>postinstall script.
I had to open the newly created Quickadd package in Composer
Scripts>postinstall scroll down to the "Use the correct binary for the os version," There is a command line missing - in my QuickAdd it is line 54. I have attached a screen shot /bin/mkdir -p /usr/local/bin
Once that command was entered, and the QuickAdd was saved, I was back in business.
I hope this helps others!
- Labels:
-
jamf binary
-
Package Building
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-10-2018 12:50 PM
I should have indicated the symptoms of the problem
Unable to use jamf commands in terminal -- Jamf command not found
Jamf Remote indicated
Failed to symlink JAMF The file "jamf" couldn't be saved in the folder "bin".
Failed to symlink JAMFAgent The file "jamfAgent" couldn't be saved in the folder "bin".
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-15-2018 06:47 AM
Thanks KAD, solved my problem (one of many!)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-16-2018 12:30 AM
Seems like it didn't solve my problem after all, I'm still getting 'Jamf command not found' and I've double checked the package and the script. The file and folder structure of /usr is correct.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-24-2018 08:06 AM
I have the same issue after enrollment, the Jamf command does not function and I need to run the binary directly. It does not matter if I use the QuickAdd package or just install the MDM profile, same issue. I did notice that this issue does not exist when using Casper Imaging.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-25-2018 10:16 AM
This issue was noticed in our environment following upgrade to 10.4.1 exactly as noted above by the original poster. Systems were enrolling correctly to Jamf PRO but had no access to utilize the Jamf binary afterward. All commands would fail. Upon comparing the newly generated QuickAdd package to our prior version QuickAdd package, we found that the mkdir command for /usr/local/bin was simply not present in the default postflight script included in the QuickAdd package by Recon 10.4.1. Adding that single line into the script resolved the issue for us. Had to removeFramework and delete the botched symlink on test units in order to get a clean test with the new, modified package. The resulting QuickAdd has worked for us consistently and provided a Jamf binary that is correctly accessible and functional for the end-user. Great catch @KAD! Thank you for posting your experience. You pointed us to exactly the right spot to quickly resolve this.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-29-2018 07:21 PM
Same Problem here. I've added the line to the post install script, but I still get the same error and can't remove framework.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-31-2018 01:16 PM
We've also ran into this issue. Did a quick chat with JAMF and they are aware. Under PI-005852.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 06-01-2018 09:14 AM
Anyone else seeing:
jamf[1120:8794] CFNetwork SSLHandshake failed (-9807)
When running a jamf recon on a workstation with a modified quickadd.pkg as noted above?
I imaged three machines, one with the original quickadd, one with a modified quickadd and one enrolled via DEP. Only the modified quickadd.pkg is giving the noted error on a recon.
Just checking with JAMF supported about this.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 06-01-2018 09:57 AM
Thanks for this thread! Updated to 10.4.1 today and was having this issue. Adding the line to the quickadd package fixed it. I also created a policy that runs on the machines that had the faulty quickadd done on them that removes the bad /usr/local/bin symlink, then installs the working quickadd, all is golden
Thanks!
MK
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 06-08-2018 03:40 AM
For anyone seeing this,
You need to remove the already in place folders in /usr/local/jamf then re-run the quick-add package. If you dont then it wont be able to re-add the folders etc. You should also probably remove the /Library/Application Support/Jamf folder. Though this will re-appear immediately
I also removed the computer from the JSS just to make sure.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 06-08-2018 08:03 AM
I've just created script to fix this on enrollment instead of modifying each quickadd.pkg. This seems to be working for me.
#!/bin/bash
# check for symlink
if [ -L "/usr/local/bin" ] ; then
rm "/usr/local/bin"
mkdir "/usr/local/bin"
ln -s "/usr/local/jamf/bin/jamf" "/usr/local/bin/jamf"
ln -s "/usr/local/jamf/bin/jamfAgent" "/usr/local/bin/jamfAgent"
chown -R root:wheel "/usr/local/bin"
fi
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 06-26-2018 03:23 AM
I'm still seeing this behaviour with 10.5.0.
Is there a ticket I can follow for this bug?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 06-26-2018 09:03 AM
We've also ran into this issue. Did a quick chat with JAMF and they are aware. Under PI-005852.
This is all they gave me.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-11-2018 11:08 AM
So, if we indeed go and "fix" this with one of the methods listed, what happens when Jamf actually fixes it? Will the fixed dir just continue to work?
Don't want to have to track down all this mess if we make a work-around...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-17-2018 10:12 AM
BTW, thanks @ubcoit - this little script running after enrollment did the trick.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-24-2018 04:47 AM
This is one of the reasons we stopped making QuickAdd packages years ago, and we restrict the ability to do so as well.
We send techs to the https://server.domain.com:8443/enroll page instead.
We have deferred the MDM User Allowed Enrollment workflow (*) to macOS 10.14 and might defer it further (Jamf can provide the MySQL steps).
So new enrollments do not show the PI-005852 issue in our environment.
# ls -lF /usr/local | grep bin
drwxr-xr-x 6 root wheel 192 Jul 23 11:48 bin/
and
# ls -lF /usr/local/bin/ | grep jamf
lrwxr-xr-x 1 root wheel 24 Jul 20 10:49 jamf@ -> /usr/local/jamf/bin/jamf
lrwxr-xr-x 1 root wheel 29 Jul 20 10:53 jamfAgent@ -> /usr/local/jamf/bin/jamfAgent
(*) Ask your Jamf rep, deferring MDM User Allowed Enrollment workflow to a later macOS version is fully supported.
Don
https://donmontalvo.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-24-2018 12:57 PM
Sadly, 10.6.0 doesn't address this one...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-24-2018 06:56 PM
After today's <redacted> testing, we are definitely going to defer the MDM User Allowed Enrollment workflow to macOS 10.15.
As mentioned earlier, ask your Jamf rep, deferring MDM User Allowed Enrollment workflow to a later macOS version is fully supported.
https://donmontalvo.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-25-2018 01:14 PM
Hello everyone, PI-005852 was fixed for 10.6.0. If you are finding a QuickAdd package from Recon.app still does not create the /usr/local/bin directory please reach out to support.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-25-2018 01:53 PM
I believe 10.6.0 has addressed it but didnt make it into release notes (as of today at least). See my post here https://www.jamf.com/jamf-nation/discussions/28764/jamf-quickadd-symlinks-usr-local-bin-causing-install-problems-for-other-apps#responseChild169545
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-25-2018 01:54 PM
@donmontalvo when you said you just send techs to the enroll page, do you create new users for them or have them enroll with a generic user account?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-26-2018 09:55 AM
@drhoten - I just looked again, and PI-005852 is not shown as a fixed issue. Just want to make sure before I move forward.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-26-2018 11:11 AM
@drhoten agreed - updated a ticket for them to revise release notes - hasnt happen, if it'll happen at all yet
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-26-2018 11:19 AM
I can confirm creating a new quickadd package on 10.6 resolved this issue for me.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-26-2018 11:54 AM
Also confirmed that enrolling via URL or new QuickAdd works as expected. Thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-26-2018 11:59 AM
The big question now is for people who had the old quickadd/enroll run that had the missing line, do we have them re-enroll or rerun quickadd or just push that quickfix script out above to all folks?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-26-2018 12:14 PM
@obing Just run the script above by @ubcoit and have it run once on each Mac.
It should not hurt anything and would fix any that need it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-27-2018 06:57 AM
Thanks to everyone who confirmed PI-005852 was fixed, but not called out in the release notes.
The release notes for 10.6 have now been updated.
Thanks again!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-02-2018 02:55 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-02-2018 08:46 PM
I have two JSS' working fine on 10.6.0.
No idea why his isn't. You'll have to try your own to see what happens I guess.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-03-2018 06:06 AM
@kricotta same here. I can confirm the script corrects my bug issues on current machines and the new 10.6 recon builds new quickadd packages with correct postflight scripts. I've personally verified the old and new quickadd packages from 10.5 and 10.6.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-07-2018 11:45 AM
Having more issues with the QuickAdd package for enrollment. Really really annoying. I can enroll OK using URL, but back to having "unmanaged" Macs if I use a new QuickAdd.
Re-opened my case with Jamf.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-08-2018 05:08 PM
I'm trying this on Mojave beta and wasn't able to enroll via the URL (which doesn't seem to visibly download a quickadd package - it just adds the policy certs and goes from there...), so I upgraded to 10.6.0 and still can't enroll my machine. I thought this might have been a mojave issue, but it looks like it's more of a Jamf Pro issue then? I'll try the script by @ubcoit and see if making the /usr/local/bin folder and chown'ing it to root:wheel helps.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-09-2018 08:17 AM
@isterling.goaaa - that's what I'm seeing here on 10.13.6. Never downloads the QuickAdd package using the URL.
If I make a QuickAdd, it shows up "unmanaged" and it isn't managed.
Also on JSS 10.6.0. I have a case open with Jamf, please do the same so they put some attention to this mess.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-09-2018 09:41 AM
I just realized that the script from @ubcoit won't work for me. What I'm observing is that aside from downloading the certs, nothing else happens. No files are downloaded and no /usr/local/jamf
folder is created, so there's nothing to symlink.
To clarify, I'm experiencing this issue on my QA (non-production) JAMF Pro server, which is running 10.6.0.
My production JAMF Pro server, which runs 10.3.1, is not exhibiting this behavior.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-10-2018 07:16 AM
I have an issue where the computer enrolls, but it shows up on the JSS as [No Name]. Yet the computer has the correct name when i check the computer.
Yet, we where using it yesterday with no problem... it just stop working.
This is a big problem because of how we assign policies, config profiles and software.
This really needs to be fixed.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-10-2018 09:00 AM
I hope you guys @steve117 and @isterling.goaaa have opened cases with Jamf?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-15-2018 07:57 AM
@scottb I haven't yet, but I will today.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-04-2018 12:13 PM
So ... I filed a ticket and JAMF closed it as a known issue. The "work around" is to create a quickadd package which doesn't work half the time.
I've added a fresh Mojave-installed mac to my QA environment running JAMF Pro 10.7.1 and after installing the CA Cert and the MDM Profile that get fed to my system by the web server, nothing else happens. You'd figure they'd've fixed this by 10.7.x, no?